Audit Alert Scenarios: System Center Operations Manager (OpsMgr) 2007 R2

The other day I was asked to assist with implementing the scenarios below: Scenario 1: Alert for changes to the ‘Domain Admin’ group membership Scenario 2: Alert when the Audit Policy is changed (Default Domain or Domain Controller) Scenario 3: Alert when xx number of unsuccessful logons occur within nn hours Scenario 4: Account locked…


Audit Report Scenarios: How to create custom reports with System Center Operations Manager 2007 R2 and Audit Collection Services (ACS)

Scenarios that are discussed in this blog post include: Scenario 1: Computers joined to the domain (names and description) Scenario 2: User passwords expired Scenario 3: User accounts locked out Scenario 4: Group policy changes Scenario 1: Computers joined to the domain (names and description) The following Event Id’s will be used in this procedure:…


Quick Tip: How to run an ACS Forwarder, Collector, RMS and DC on the same host

Manually enable the ‘Operations Manager Audit Forwarding Service’ (AdtAgent.exe). Regedit > [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\AdtAgent\Parameters] > New > Multi-String Value > AdtServers > ‘CollectorFQDN’ Note: Step 2 resolved Event ID 4369 (with a blank list of collectors) for me. Hopefully this configuration of roles will only ever be used in a lab environment!


Script: Bulk approve WSUS updates from CSV input file

Hope this script will help someone out there!  # Script # Author: Johan Vosloo# Date: 16-10-2009# Purpose: Bulk approve updates by specifying the UpdateID, WSUS Group Name and a Computer Name (any computer that is a member of the applicable group).# Disclaimer: This script is provided as-is without any support. Script was tested on WSUS 3.0…


How to determine Paged and Nonpaged pool limits

This is yet another article on how to determine Paged and Nonpaged pool limits. This method does not require internet access on the computer that we want to analyse. I recently had a customer that experienced pool exhaustion on a failover cluster and this method helped to understand the effects of various changes (e.g. /3GB,…



The information in this weblog is provided “AS IS” with no warranties, and confers no rights. This weblog does not represent the thoughts, intentions, plans or strategies of my employer. It is solely my opinion. Inappropriate comments will be deleted at the authors discretion. All code samples are provided “AS IS” without warranty of any…